Elevation of Privilege Vulnerability in Windows Management Services by Microsoft
CVE-2025-54103

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 21h2; Windows 11 Version 22h2; Windows 10 Version 22h2; Windows Server 2025 (server Core Installation)
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-54103?

An elevation of privilege vulnerability exists in Windows Management Services due to improper handling of objects in memory. An attacker who successfully exploits this vulnerability can execute arbitrary code with elevated privileges on the system. This could allow the attacker to install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability can be exploited locally, meaning the attacker requires access to the affected system to leverage this weakness.

Affected Version(s)

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6332

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.6332

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.5909

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Jul 16, 2025